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What is claimed is: 



1 LA method for filtering transport layer connections with application layer information, 

2 comprising the steps of: 

3 receiving a connection request having an application layer component and a 

4 transport layer component; 

5 providing a connection database to store information about connection requests 

6 and associated application layer outcomes; 

7 providing a throttle filter using data from the connection database, the throttle 

8 filter to filter the connection request at the transport layer component; 

9 applying the throttle filter to the received connection request; 

10 if the throttle filter blocks the transport layer component of the connection 

1 1 request, dropping the connection request silently; and 

12 if the throttle filter allows the transport layer component of the connection 

1 3 request, proceeding with the application layer component. 

1 2. The method of claim 1 further comprising the steps of: 

2 adding data from an application layer outcome of the connection request to the 

3 connection database; and 

4 updating the throttle filter with information from the connection database. 

1 3. The method of claim 2 wherein the step of adding data comprises the steps of: 

2 recording a connection requestor identifier to the connection database; and 

3 providing a connection requestor rank to the connection requestor identifier based 

4 on an outcome of the application layer connection component. 

1 4. The method of claim 2 wherein the step of updating the throttle filter with information 

2 from the connection database comprises periodically replacing throttle filter data with a 

3 preselected number of connection requestor identifiers ranked least desirable in the 

4 connection database. 
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1 5. The method of claim 1 wherein the throttle filter is a list of connection request 

2 characteristics and the step of applying the throttle filter further comprises comparing 

3 data from the connection request to the list of connection request characteristics. 

1 6. The method of claim 5 wherein the list of connection request characteristics further 

2 comprises a list of connection requestor IP addresses to be blocked as indicated by data 

3 from the connection database. 

1 7. The method of claim 5 wherein the list of connection request characteristics further 

2 comprises a list of connection requestor port numbers to be blocked as indicated by data 

3 from the connection database. 

1 8. The method of claim 5 wherein the list of connection request characteristics further 

2 comprises a list of connection requestor virtual routing forwarding table IDs to be 

3 blocked as indicated by data from the connection database. 

1 9. The method of claim 1 wherein the step of applying the throttle filter further 

2 comprises the steps of: 

3 determining whether a limit of connections created in a connection cycle period 

4 has been exceeded; 

5 if the limit of connections created has been exceeded, dropping the connection 

6 request; 

7 if the limit of connections created has not been exceeded, determining whether a 

8 rate of incoming connections has been exceeded; 

9 if the rate of incoming connections has been exceeded, then dropping the 

10 connection request; and 

1 1 if the rate of incoming connections has not been exceeded, then comparing 

12 requestor identification information in the connection request to data in the throttle filter. 
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1 10. The method of claim 1 wherein the connection request is an HTTP request, the 

2 application layer component is an HTTP connection component and the transport layer 

3 component is TCP connection component. 

1 11. The method of claim 1 wherein the connection request is an HTTPS request, the 

2 application layer component is an HTTPS connection component and the transport layer 

3 component is TCP connection component. 

1 12. A system to filter server connections in an embedded system, comprising: 

2 a network interface to receive a connection request from a requestor, the 

3 connection request having an application layer connection component and a transport 

4 layer connection component; 

5 a filter device to filter connections using the transport layer connection 



6 component, the filter device including a connection database and a throttle filter, the 

7 connection database to store information about connection requests and application layer 

8 connection component outcomes, the throttle filter having data from the connection 

9 database to filter connection requests using the transport layer connection component; 
10 and 



1 1 a controller coupled to the filter device and the network interface, the controller to 

12 apply the throttle filter to the transport layer connection component of the connection 

1 3 request, to drop the connection request silently if the throttle filter blocks the transport 

14 layer component, to proceed with an application layer connection if the throttle filter 

1 5 allows the transport layer component, to add data about the application layer connection 

1 6 to the connection database, and to update the throttle filter with information about the 

1 7 connection database. 

1 13. The system of claim 12 wherein the server connection is an HTTP server connection, 

2 the application layer connection component is an HTTP connection component, and the 

3 transport layer connection component is a TCP connection component. 
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1 14. The system of claim 12 wherein the server connection is an HTTPS server 

2 connection, the application layer connection component is an HTTPS connection 

3 component, and the transport layer connection component is a TCP connection 

4 component. 

1 15. The system of claim 1 2 wherein the filter device further comprises a rate limiter to 

2 switch the filter device between global and selective modes, the rate limiter to switch the 

3 filter device to global mode if a rate limit threshold is exceeded and to switch the filter 

4 device to selective mode if the rate limit threshold is not exceeded; and 

5 the controller configured to drop the connection request silently without applying 

6 the throttle filter if the filter device is in global mode and to apply the throttle filter if the 

7 filter device is in selective mode. 

1 16. The system of claim 15 wherein the rate limit threshold further comprises a limit of 

2 connections created in a connection cycle period. 

1 1 7. The system of claim 1 5 wherein the rate limit threshold further comprises a rate of 

2 incoming connections. 

1 18. The system of claim 12 wherein the connection database is a table in which each 

2 entry has an IP address of a connection requestor and an associated rank based on an 

3 outcome of a connection attempted in response to a connection request from the 

4 connection requestor. 

1 1 9. The system of claim 1 8 wherein each entry of the table further includes a port 

2 number of the connection requestor. 

1 20. The system of claim 1 8 wherein each entry of the table further includes a virtual 

2 routing forwarding table ID of the connection requestor. 
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1 21. The system of claim 12 wherein each entry in the table includes an entry age, the 

2 filter device configured to delete entries having an entry age that exceeds an age 

3 threshold. 

1 22. The system of claim 12 wherein the throttle filter is a list of IP addresses of 

2 connection requestors to be blocked as indicated by data from the connection database. 

1 23. The system of claim 22 wherein the throttle filter further includes port numbers of 



2 connection requestors to be blocked as indicated by data from the connection database. 

1 24. The system of claim 22 wherein the throttle filter further includes virtual routing 

2 forwarding table IDs of connection requestors to be blocked as indicated by data from the 

3 connection database. 

1 25. A method for filtering HTTP server connections in an embedded system, comprising 

2 the steps of: 

3 receiving a connection request having an HTTP connection component and a TCP 

4 connection component; 

5 providing a connection database to store information about connection requests 

6 and associated HTTP connection outcomes; 

7 providing a throttle filter using data from the connection database, the throttle 

8 filter to filter the connection request at the TCP connection component; 

9 determining whether a limit of connections created in a connection cycle period 

1 0 has been exceeded; 

1 1 if the limit of connections created has been exceeded, dropping the connection 

12 request silently; 

13 if the limit of connections created has not been exceeded, determining whether a 

14 rate of incoming connections has been exceeded; 

1 5 if the rate of incoming connections has been exceeded, then dropping the 

1 6 connection request silently; 
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1 7 if the rate of incoming connections has not been exceeded, then comparing 

18 requestor identification information in the TCP connection component of the connection 

1 9 request to data in the throttle filter; 

20 if the throttle filter blocks the TCP connection component, dropping the 

2 1 connection request silently; 

22 if the throttle filter allows the TCP connection component, proceeding with the 

23 HTTP connection component; 

24 adding data from the HTTP connection component to the connection database; 

25 and 

26 updating the throttle filter with information from the connection database. 

1 26. A method for filtering HTTPS server connections in an embedded system, 

2 comprising the steps of: 

3 receiving a connection request having an HTTPS connection component and a 

4 TCP connection component; 

5 providing a connection database to store information about connection requests 

6 and associated HTTPS connection outcomes; 

7 providing a throttle filter using data from the connection database, the throttle 

8 filter to filter the connection request at the TCP connection component; 

9 determining whether a limit of connections created in a connection cycle period 

1 0 has been exceeded; 

1 1 if the limit of connections created has been exceeded, dropping the connection 

12 request silently; 

13 if the limit of connections created has not been exceeded, determining whether a 

14 rate of incoming connections has been exceeded; 

1 5 if the rate of incoming connections has been exceeded, then dropping the 

1 6 connection request silently; 

1 7 if the rate of incoming connections has not been exceeded, then comparing 

1 8 requestor identification information in the TCP connection component of the connection 

1 9 request to data in the throttle filter; 
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20 if the throttle filter blocks the TCP connection component, dropping the 

2 1 connection request silently; 

22 if the throttle filter allows the TCP connection component, proceeding with the 

23 HTTPS connection component; 

24 adding data from the HTTPS connection component to the connection database; 

25 and 

26 updating the throttle filter with information from the connection database. 

1 27. A computer program product having a computer-readable medium including 

2 computer program logic encoded thereon that, when performed on a computer system 

3 directs the computer system to perform the method of: 

4 receiving a connection request having an application layer component and 

5 a transport layer component; 

6 providing a connection database to store information about connection requests 

7 and associated application layer outcomes; 

8 providing a throttle filter using data from the connection database, the throttle 

9 filter to filter the connection request at the transport layer component; 

10 applying the throttle filter to the received connection request; 

1 1 if the throttle filter blocks the transport layer component of the connection 

12 request, dropping the connection request silently; and 

13 if the throttle filter allows the transport layer component of the connection 

14 request, proceeding with the application layer component. 



